The case is EF Cultural Travel BV et al. v. Zefer Corp. and Explorica, Inc., No. 01-2001 (1st Cir. 2003). EF and Explorica are competitors in the student travel business. EF has a web site where it publicly displays its prices. Explorica, formed by former EF employees, hired Zefer* to write an program to scrape EF's site and create a database of EF's prices. Then Explorica undercut EF's prices by 5 percent and, presumably, enjoyed some competitive success. EF brought a motion for a preliminary injunction to stop Explorica and Zefer from scraping its prices. The motion was granted and both Explorica and Zefer appealed. Zefer's appeal was stayed because of bankruptcy proceedings and Explorica's was denied [west summary] based on a breach of a confidentiality agreement argument (that publicly available codes and prices can be protected by a confidentiality agreement is beyond me, but not the subject of this post). The current opinion tackles the question of whether the injunction was valid against Zefer, the company Explorica hired to make and run the scraper.

Chief Judge Michael Boudin wrote the opinion of the Court. It affirmed the injunction but only to the extent Zefer would be bound not to help Explorica violate the injunction against it in any case (ie without Zefer having done anything wrong in the first case). However, the wonder of the opinion, and why I write that it is a bit strange, is all of the other (unnecessary) things in it.

knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

18 USC 1030(a)(4). For the purposes of its opinion the First Circuit assumed that the fraud element(s) were met and focused on the appropriate test for "exceeding authorized access." The District Court had proposed a "reasonable expectations" test based on what the user might have expected was reasonable (a la reasonable expectation of privacy and the Fourth Amendment). The First Circuit flatly rejected that test and instead made clear that in order to "exceed authorized access," in accessing publicly available web pages, that access had to be explicitly prohibited (through a terms of service or other such mechanism).

Later I will try to excavate other interesting nuggets from the decision and give my take on the ramifications...

I am posting the following as a bit of celebration after reading the decision discussed below.

National Geographic posts some incredible photographs for use as backgrounds on its Photo of the Day page along with instructions (for Windows and Mac only) on how to make the image your desktop background. The following script downloads the daily background to automate that task. If you need to convert the image, I suggest ImageMagick's wonderful collection of utilities.

#always use strict

use strict;

#for the getting of the page and image

use LWP::Simple;

#get the entry page and look for the link to the big background picture

Is out. Looks like the RIAA won and Verizon will be forced to respond to a subpoena under 17 USC 512(h) without a lawsuit being filed. More to come after I have read it.

Later: The ruling is (almost) all about statutory construction. Verizonargued that 512(h), which allows copyright holders to serve subpoenas on service providers for users' identities without the necessity of filing suit, did not apply to service providers covered by Section 512(a), including Verizon. [A short detour to refresh readers' recollections that Section 512 is directed at four types of service providers defined in the section's subsections providing safe harbor to these providers. They are: 512(a) (mere transmitters), 512(b)(cachers), 512(c) (hosters) and 512(d) (information locators) ] Verizonargued that 512(h) did not apply to them because 512(h) requires that a 512(c)(3)(A) notice be provided. A 512(c)(3)(A) notice is part of section 512(c) (and incorporated into 512(b) and (d)) and requires, in part:

Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material.

Verizon argued that the notice can't be applied to them because they do not host the allegedly infringing material.

The Courth sided with the RIAA and found that 512(h) covers Section 512(a) providers (and by extention 512(b) and 512(d) entities as well.) The decision discusses the constitutional issues relating to anonymous speech (and gives a lot of dicta about the lack of a problem) but declines to rule on them because they were not appropriately raised by the parties.

Other quotations from the opinion to note:

"The copyright holder, however, cannot readily determine whether its infringed material was stored on or merely transmitted across the service provider's system, and hence whether it faces a subsection (c) or subsection (a) situation. As a result, if the copyright owner could only utilize the subpoena process for subsection (c) service providers, it would have to establish at the outset that the service provider fell within subsection (c) in the particular case at hand." - I don't understand this, the copyright holder still has to figure out who to send the subpoena to, no? And if so, are there really instances where this would be a higher burden? Especially since good faith is all that 512(h) requires of the request.

"Moreover, the Supreme Court recently confirmed in Eldredv. Ashcroft that the proximity of the Copyright Clause and the First Amendment demonstrates 'the Framers' view [that] copyright's limited monopolies are compatible with free speech principles,' and that copyright serves to promote First Amendment ideals as ''the engine of free expression.'' "(citations omitted) - Again, this seems to be taking Eldred way out of context, indeed as Jack Balkin has argued, Eldred may stand for the opposite proposition with respect to paracopyrights such as those in 512(h).

[As] we saw from the headlines, no judge is necessary to obtain the subpoena...nor, it seems, does the copyright holder have to prove infringement in order to get a subpoena.

Of course, this has always been the case because a copyright holder could simply file suit against a John Doe defendant and then serve a subpoena on the ISP. Notice that no judge is required to intervene, nor is any copyright infringement proven before the information is turned over. However, there is a line of cases attempting to change that with some success in the defamation context. See e.g. Dendrite International v. John Does, et al.

[T]he following four requirements ... must be satisfied in order to discover the actual identity of a defendant: (1) identify the missing party with sufficient specificity such that the court can determine that defendant is real person or entity who could be sued in federal or state court; (2) identify all previous steps taken to locate the elusive defendant; (3) establish, to the court's satisfaction, that plaintiff's suit could withstand a motion to dismiss; and (4) file a statement of reasons justifying the specific discovery requested, as well as the identification of a limited number of persons or entities on whom discovery process might be served and for which there is a reasonable likelihood that the discovery process will lead to identifying information about the defendant that would make service of process possible.

Legal jargon aside, this as-yet-to-be-identified individual is an idiot. Six hundred songs in a day? If the RIAA hadn't jumped for infringement, Verizon should have based on the amount of data they were sucking down in a 24 hour period. Hmmm, let's do the math -- 600 x 2 MB (average file size) = a whole lot of data that is passing through your pipe. Someone was clearly asleep at the wheel.

That seems extraordinarily foolhardy to me. When my hard drive fried I needed to download a few Linux and FreeBSD distributions. That was easily in the many gigs in a day. I would have been absolutely flabbergasted had my service provider shut me down in the middle of my transfer. And, I assume that my service provider (or Verizon) would soon have very few broadband customers, or be overrun with "action items" requiring them to violate their customers' privacy by checking on what they were downloading if they took Ms. Loizides' advice.

Later:Not to pick on Ms. Loizides, but her most recent web log entry also has this to say about the decision: "Under the law, Verizon lost their bid to re-define themselves." While I agree with her proposition that definitions matter in law, the Verizon decision was not about Verizon trying to redefine itself or fit into a different sub-section of 512. The court found that the type of service provider that Verizon is (512(a)) doesn't matter for 512(h). Any type of service provider under 512(a)-(d) must respond to a 512(h) subpoena.

A friend of mine who has been a courts reporter for a daily newspaper and is now freelancing about, among other things, digital rights issues, sent me the following:

I think [litigating internet issues is] along thelines of playing cowboy, but instead of cattle, you're roping the abyss. WhenI was writing about the courts, so much of it dealt with established criminalstatutes that it was hard to find something unique -- it usually involved atiny point of federal sentencing guidelines. Here, it's completely underconstruction -- the laws are still being written and the new ones are stillbeing tested.

Good luck building the barn...

Of course, that made my day, but I am not sure we are so unique either in the legal profession or in the world. I wrote back:

You made my day. Thanks, never been called a cowboy before. But, this is true of every type of law -- I think. If you look closely enough, there are always issues that have never been heard, or facts that laws have never been applied to, or the need to come up with a creative application of some old legal doctrine or new statute. As with journalism, whatever story you are currently working on has never been told the way you are about to tell it (and you get to be learning along the way). Probably why I love my job and why freelancing is such a kick.

And, why I think bricolage is something that we all do and that we all could do more of.

Here I want to take issue with Seth's question: whether Fisher has suggested the "dreaded pay-per-view society." To which I would answer, not necessarily. As I understand Fisher's suggestion, money is collected as a tax/license on media or other digital music associated goods (bandwidth etc) and then is allocated based on use. So I pay what amounts to a fee for use of bandwidth or other goods and then the money I pay gets distributed (along with everyone else's) based on my (and everyone else's) listening etc. to the music. Artists are paid-per-view (although sampling may be more appropriate here and I don't know which Fisher proposes) but I pay-per-related-good. Some uses will in fact be pay-per-use (streaming if bandwidth is taxed and metered for example) but many will be flat rate (listening to an mp3 on a taxed hard drive for example).

One of the main questions is, how will the compulsory license revenues be distributed. In Fisher's model, there will be some sort of counting done. Since I have been working on a voluntary version of this for some time in order to help me keep track of what I listen to and listen more often to tunes I don't hear as much, I can certainly attest to how difficult it is to do rigorously. So, Seth's point is certainly well taken. The devil is in the details and 100% measurement sounds Fritzian, (or Orwellian). However, on many platforms it is relatively easy -- hey if I can code it, it must be easy. Particularly if you don't have to worry about cheating. So, if we aren't worried about being accurate, but only about sampling and estimating, I think it can be pretty easily done (see Neilson's).

Update: Ed Felten has picked up the thread with a similar but different post which takes into account why people might want to cheat.

But even if there was perfect sampling, I think there's a major obstacle in making the money numbers work. ... I'd really like to see some numbers attached to the idea. These are the sorts of grubbly details that tend to sink appealing speculations.

Only under extraordinary circumstances can an article be removed (e.g., plagiarism, scientific misconduct, gross error such that human safety is at risk) and then a statement is inserted to indicate the removal.

This highlights one of the unique difficulties true archives face in keeping their promise of perpetually preserving a work. [via FOS Blog].

A plea for goliath-to-david linking ethics (big site to small site) on Kuro5hin has sparked some discussion about the ethics of knowingly bringing the Slashdot effect down on a little site (reminds me of the old Hacktivism trick of distributed denial of service attacks through javascript -- one instance was called "Floodnet"). Specifically, zonker argues that big sites aught not to link without permission (and offer to mirror with permission as well). bIPlog says that it is a sensible argument and the flipside of the many arguments against a "right to link." I disagree.

For starters, that analysis is too simplistic. Linking to publicly available sources ought to be allowed. Launching distributed denial of service attacks against them is not good manners, whether by linking or by javascript manic page reloading. But these two statements are not opposed. Whether distributed denial of service by high profile link should be illegal is another question. Section 502(c)(5) of the California Penal Code may already go that far.

Another problem with zonker's proscription is that it argues that mirroring/caching should require permission (be opt-in) but the web would be a much less beautiful place if that were the case (think of the problems Google or the Internet Archive would face -- or even IE or Netscape and caching).

Provide caches of the first page or movie or image on which they are reporting for pages that do not have advertising (but leave direct links for very large sites and pages supported by advertising)

Keep links off that page pointing to the real site; and

Remove the caches after a limited (short) time.

That way advertising supported sites get the maximum amount of advertising, but sites not supported by advertising on the about to be slashdotted pages are not overwhelmed. I would not require permission for linking or caching. That permission is implicit in the posting of a publicly accessible web page. Prohibiting linking in order to deal with slashdotting is not a sensible argument.

Phish is trying a new way of distributing music for their most recent tour. At Live Phish you can buy MP3s and SHNs from the tour and receive them by download two days after each show. No DRM. Interesting experiment, especially since Phish allows taping of their shows. I just downloaded the New Year's Eve show.

Primary advantages of Live Phish Downloads over audience recordings are: pristine soundboard quality, faster and more reliable downloading and quick turnaround. In most cases, shows will be available for download within forty-eight hours. Each show is carefully indexed and comes with printable booklets (containing liner notes), tray inlays and CD labels. The files are served by a robust delivery network capable of serving thousands of simultaneous downloads, ensuring the fastest and most reliable download experience for the user. We also offer quick response customer service to help sort out any problems that may arise. That being said, audience taping has always been and will continue to be a defining element of the Phish experience. Live Phish Downloads offers an alternative, convenient route to obtaining live recordings and is in no way intended to supplant or undermine the taping community.